Forum Discussion
bman_12685
Jun 01, 2012 Nimbostratus
smtp irule for access control
Hello,
I am trying to either preserve the source IP information so that existing SMTP rules and greylists continue to work but ensure fault tolerance by placing SMTP servers behind an F5 VIP...
bman_12685
Jun 07, 2012 Nimbostratus
Basically, I have a new rule set that implements a whitelist, a blacklist and a greylist. However, one part I am missing is the dnsrbl ability in milter-greylist, which I now have to figure out. Does anyone have any ideas?
My iRule is as so:
when RULE_INIT {
    set static::debug 1
}
when CLIENT_ACCEPTED {
    # One if/elseif/else chain, so a whitelisted client is not also caught by the final else
    if { [class match [IP::remote_addr] equals smtp_relay_allowed] } {
        log local0. "Node IP address is: [IP::remote_addr] whitelisted as smtp_relay_allowed"
        snatpool smtp_mailpool
    } elseif { [class match [IP::remote_addr] equals smtp_spambot_reject] } {
        # Known spam sources are dropped at connection time
        log local0. "Node IP address is: [IP::remote_addr] rejecting due to data group smtp_spambot_reject"
        reject
    } else {
        # Everyone else is SNATed to the range that milter-greylist evaluates
        snatpool untrust_smtp_mailpool
    }
}
So the above allows SMTP to pass into a whitelist from internal sources, to drop bad known spammers and then pass anyone else to a snatpool IP range that gets evaluated by milter-greylist; however, I would like to also account for stuff like
dnsrbl "PBL" zen.spamhaus.org
acl greylist dnsrbl "PBL" delay 66m
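Because milter-greylist only sees the SNAT address once the connection has passed the VIP, a DNSRBL check like the one asked about has to happen on the BIG-IP before the SNAT pool is chosen. The iRule below is an added example of that approach, not part of the original post or the poster's rule set. Assumptions: `RESOLV::lookup` is available on the TMOS version in use, `192.0.2.53` is a placeholder resolver address, and `pbl_smtp_mailpool` is a hypothetical third SNAT pool.

```tcl
# Added example. Hypothetical names: pbl_smtp_mailpool, resolver 192.0.2.53.
when RULE_INIT {
    set static::debug 1
    set static::dnsbl_zone "zen.spamhaus.org"
    set static::dnsbl_resolver "192.0.2.53"   ;# placeholder, use your own resolver
    # Spamhaus ZEN A-record answers that indicate a PBL listing
    set static::pbl_codes {127.0.0.10 127.0.0.11}
}
when CLIENT_ACCEPTED {
    set src [IP::remote_addr]
    if { [class match $src equals smtp_relay_allowed] } {
        snatpool smtp_mailpool
        return
    } elseif { [class match $src equals smtp_spambot_reject] } {
        reject
        return
    }
    # Unknown senders default to the normal greylist path.
    set pool untrust_smtp_mailpool
    # DNSBL names use reversed octets: 192.0.2.25 -> 25.2.0.192.<zone>.
    # scan returns 4 only for a dotted-quad IPv4 source; others skip the lookup.
    if { [scan $src "%d.%d.%d.%d" a b c d] == 4 } {
        set qname "$d.$c.$b.$a.$static::dnsbl_zone"
        # Fail open: a resolver error must not block inbound mail.
        if { [catch { RESOLV::lookup @$static::dnsbl_resolver -a $qname } answers] } {
            log local0. "DNSBL lookup for $src failed: $answers"
        } else {
            # ZEN can return several A records; only PBL answers matter here.
            foreach code $static::pbl_codes {
                if { [lsearch -exact $answers $code] >= 0 } {
                    if { $static::debug } { log local0. "$src is PBL-listed ($code)" }
                    set pool pbl_smtp_mailpool
                    break
                }
            }
        }
    }
    snatpool $pool
}
```

On the mail servers, milter-greylist would then match the `pbl_smtp_mailpool` addresses with an address ACL carrying the 66m delay, in place of the `dnsrbl` ACL.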